06/13/2018

Why Email Security Is Incomplete without Sandboxing Technology

by Dena Bauckman

One of the greatest challenges of cybersecurity is that specialized threats require specialized solutions. Few security strategies are comprehensive enough to make cybersecurity both easy and effective.

Sandboxing technology can be the exception. When an email contains one or more attachments, the technology scans it for malicious content before it even gets to the inbox. If there is any cause for alarm, the attachments are sent to a virtual “sandbox” that perfectly mimics the user’s computer. In that “sandbox,” it is safe to statically and dynamically analyze the attachment for malicious activity.

If the attachment is harmless, it’s sent along to the original recipient. But if it contains questionable code, harmful links, or manipulative install commands, the attachment is kept out of the inbox entirely. That way, there is no chance that users could be tricked or tempted to open the attachment.

ZixProtect offers leading sandboxing technology designed to be both ironclad and accessible. Rather than sandboxing all attachments, it focuses on only the suspicious ones — facilitating faster email communications. It also supports a disarm feature that strips active code from attachments and turns them into benign versions of their original documents or harmless PDF files. This distinction is critical as cybersecurity becomes stronger without diminishing the value of email as a business tool.

Sandboxing Technology on the Front Lines of Cybersecurity

Cybersecurity strategies tend to be backward-looking. Protections and protocols are based on known threats, but they’re not always great at identifying zero-hour threats when malware is brand-new and unknown. As a result, a lot of this malware can bypass filters and other protections that don’t yet register it as a threat.

Sandboxing technology performs deep analysis for any suspicious attachment — not just obvious threats. That way, more zero-day malware gets flagged and diverted from ever entering a user’s inbox. And once it’s quarantined, the latest and greatest threats are rendered harmless. Three critical aspects of sandboxing technology include:

• Mirroring the End User: A sandbox is a perfect virtual copy of a user’s computer, so everything that happens in the sandbox mirrors what actual email recipients would experience. Lots of bad attachments appear benign initially and don’t begin to infect a computer until a user takes three or four different actions. The sandbox provides a secure space to interact with bad attachments in-depth and figure out exactly when, where, why, and how they strike.

• Studying the Bad Actor: Modern hacking is a highly effective combination of technical wizardry and social manipulation. Part of why the email inbox is such a hotbed for cyberattacks is that bad emails can look very authentic — and even enticing. The sandbox allows experts to study new threats broadly and deeply, which makes those insights extremely relevant for improving security protocols and designing user training programs.

• Practicing Active Cybersecurity: A cybersecurity strategy that is designed entirely around known threats is doomed to fail. Hackers design new types of malware all the time, and that malware will easily infect inboxes if current protections can’t sound the alarm. Sandboxing empowers companies to be active about cybersecurity and to stay ahead of the next wave of attacks. Instead of trying to minimize the damage of cyberattacks, companies can bypass that damage with ease.

The email inbox has always been and will always be under attack. Sandboxing technology is an essential protection because it defuses the danger of email attachments. Better still, when sophisticated sandboxing technology can disarm malicious attachments and keep email flowing at the speed of business, everyone wins — except hackers.